.png)
.png)
Privacy & Security
We know that privacy and security aren’t just features, they’re fundamental requirements when choosing any platform that touches client data. That’s why our platform is built to meet, and exceed, the safeguards you expect and the Law Society of BC recommends. Our platform meets industry-leading security standards to protect your data. All data transfers are secured with end-to-end encryption through HTTPS, keeping your information safe from interception. Our platform leverages Firebase’s robust authentication systems, offering secure sign-ins via email, password, and trusted providers like Google and Facebook, ensuring user accounts are protected. We also implement granular security rules within our databases, allowing access control based on user roles and conditions to safeguard sensitive information. Our platform complies with key standards like ISO 27001, SOC 1/2/3, and GDPR, while providing built-in protection against threats like SQL injection and cross-site scripting (XSS). Additionally, we have automatic backups and protection against common vulnerabilities, giving you peace of mind that your data is safe and secure at all times.
We further prioritize your privacy and security by hosting all data on Canadian servers, ensuring full compliance with Canadian data residency laws. By keeping your data within Canada, we protect it under strict privacy regulations like PIPEDA and provincial laws, safeguarding it from foreign access and ensuring it remains subject only to Canadian jurisdiction. This commitment to local data residency not only enhances privacy but also gives peace of mind knowing your sensitive information is handled with the utmost care and aligned with national standards.
Divii is a Canadian legal technology platform designed to support the structured drafting of separation agreements. The platform has been architected with a strong emphasis on data residency, confidentiality, deterministic document generation, and carefully governed artificial intelligence integration.
Divii’s core agreement engine is deterministic and logic-based rather than AI-generated. Agreement structure and standard clauses are assembled through structured software logic, meaning identical inputs will produce consistent outputs.
Artificial intelligence functionality is available only as an optional drafting assistance tool and must be intentionally invoked by the user. When AI assistance is used, generated content appears as an editable draft and is never automatically inserted into agreements. Lawyers retain full editorial control and responsibility for reviewing all language before it becomes part of a document.
Divii recognizes that privacy and information security are fundamental considerations when selecting any platform that may involve confidential client information. The platform has therefore been designed to align with the safeguards expected by Canadian legal professionals and with guidance issued by Canadian law societies regarding the responsible use of technology in legal practice.
The platform operates on secure cloud infrastructure hosted in Canada and incorporates layered security controls including encryption, role-based access management, and controlled administrative privileges.
This document provides an overview of Divii’s infrastructure architecture, security controls, data handling practices, AI governance framework, and alignment with professional responsibility obligations.
Divii operates on Google Cloud Platform (GCP) using Firebase services for application hosting, authentication, and database management.
Google Cloud provides enterprise-grade infrastructure with built-in redundancy, secure data centre operations, and continuous monitoring. The platform is fully cloud-hosted and does not rely on on-premise servers.
Divii prioritizes Canadian data residency by hosting primary production data within Canadian Google Cloud data centres. User accounts, agreement content, and associated application data are stored within Canadian infrastructure wherever possible.
Maintaining Canadian data residency supports compliance with Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial privacy frameworks. By maintaining primary data storage within Canada, Divii helps ensure that confidential client information is handled within Canadian legal and regulatory frameworks.
While the platform may interact with certain external services through secure API integrations, Divii does not intentionally store core production data outside Canada.
All communications between users and the Divii platform are secured using HTTPS with Transport Layer Security (TLS) encryption, ensuring that information transmitted between user devices and the platform is encrypted during transmission.
Data stored within Divii’s databases is encrypted at rest within Google Cloud infrastructure using industry-standard encryption mechanisms. Backup data and system snapshots are similarly encrypted and subject to controlled access permissions.
These protections help safeguard sensitive information against unauthorized disclosure or access.
Divii operates on infrastructure maintained by Google Cloud Platform, which maintains internationally recognized security certifications including:
• ISO 27001 information security management standards
• SOC 1, SOC 2, and SOC 3 audit frameworks
• infrastructure controls designed to support GDPR compliance
These certifications apply to Google Cloud’s underlying infrastructure and reflect widely accepted standards for secure cloud computing environments.
Within the platform itself, access to internal systems and production environments is restricted to authorized personnel and governed through role-based access controls and the principle of least-privilege access. Administrative access requires multi-factor authentication (MFA).
Authentication for platform users is managed through Firebase Authentication, which provides secure identity management and credential-based login systems.
These controls help ensure that system access is appropriately restricted and monitored.
Divii’s infrastructure incorporates automated backups and database recovery capabilities designed to protect against data loss or service interruption.
Cloud infrastructure provides redundancy across Canadian regions, helping reduce the risk of service disruption caused by localized infrastructure failures.
Operational monitoring and logging tools are used to support system reliability, detect unusual activity, and maintain security oversight.
Divii incorporates artificial intelligence functionality in a controlled manner designed to support drafting efficiency while preserving lawyer oversight and editorial responsibility.
AI capabilities are accessed through secure API connections to external AI services, including the OpenAI ChatGPT API.
Deterministic Agreement Engine
Divii’s primary agreement drafting framework does not rely on artificial intelligence.
Agreement sections, clause structures, and conditional logic are hard-coded within the platform and assembled using structured software logic. This deterministic approach ensures consistency and predictability in the drafting process.
AI systems do not construct or modify the underlying agreement architecture.
Optional & User-Initiated AI Assistance
Artificial intelligence features are not automatically engaged during the drafting process. AI functionality appears only as an optional drafting tool within specific areas of the platform.
Users may complete the entire drafting process without invoking AI.
Editorial Control & Supervision
When AI assistance is used, generated text appears in a separate drafting interface rather than being automatically inserted into the agreement.
The clause must be reviewed, edited, and intentionally inserted by the user. All generated content remains fully editable.
AI outputs should therefore be understood as draft suggestions rather than final legal work product.
Confidentiality in AI Use
AI features operate through secure API integrations.
When AI drafting assistance is requested, user inputs are transmitted solely for the purpose of generating the requested output. API interactions are configured so that submitted data is not used to train public AI models.
AI systems do not have independent access to Divii accounts or stored documents and operate only in response to user-initiated prompts.
Canadian law societies emphasize that lawyers must remain competent in the use of technology and must supervise technology-assisted work in the same manner as work performed by human assistants.
Divii’s architecture is designed to support lawyers in meeting these obligations by providing structured drafting tools while preserving full lawyer oversight.
The platform supports the protection of confidential client information, supervision of automated drafting tools, and preservation of independent professional judgment.
Divii does not provide legal advice, assess fairness, or create solicitor–client relationships.
Lawyers remain responsible for reviewing and approving all documents generated using the platform.
Divii operates solely as a software provider.
The platform does not sell, mine, or use customer data for advertising or model training purposes. Agreement content and user information remain private within the platform environment and are used only for the purpose of providing the service.
Users retain ownership and control of their content. Divii does not access or review user agreement content except where necessary to maintain or support the platform, and such access is restricted to authorized personnel subject to confidentiality obligations.
Divii has been designed to provide a secure drafting environment that combines Canadian-hosted cloud infrastructure, enterprise-grade security controls, deterministic document generation, and carefully supervised AI assistance.
By maintaining full lawyer editorial control and prioritizing Canadian data residency and privacy protections, the platform is intended to enhance drafting efficiency while preserving the central role of legal judgment and professional responsibility.